Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-11-12 CVE-2018-19199 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-190
critical
 9.8
9.8
2018-11-12 CVE-2018-19198 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-787
critical
 9.8
9.8
2018-11-08 CVE-2018-19115 Out-of-bounds Write vulnerability in multiple products
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
network
low complexity
keepalived debian redhat CWE-787
critical
 9.8
9.8
2018-10-31 CVE-2018-16842 Out-of-bounds Read vulnerability in multiple products
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
network
low complexity
haxx canonical debian CWE-125
critical
 9.1
9.1
2018-10-31 CVE-2018-16839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
network
low complexity
haxx debian canonical CWE-119
critical
 9.8
9.8
2018-10-19 CVE-2018-4013 Out-of-bounds Write vulnerability in multiple products
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92.
network
low complexity
live555 debian CWE-787
critical
 9.8
9.8
2018-10-18 CVE-2018-5188 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8.
network
low complexity
debian canonical mozilla redhat CWE-119
critical
 9.8
9.8
2018-10-18 CVE-2018-5187 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs present in Firefox 60 and Firefox ESR 60.
network
low complexity
debian canonical mozilla CWE-119
critical
 9.8
9.8
2018-10-18 CVE-2018-5156 Improper Input Validation vulnerability in multiple products
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring.
network
low complexity
redhat debian canonical mozilla CWE-20
critical
 9.8
9.8
2018-10-18 CVE-2018-12387 Improper Input Validation vulnerability in multiple products
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout.
network
low complexity
redhat debian canonical mozilla CWE-20
critical
 9.1
9.1